TW486902B - Method capable of preventing electronic documents from being illegally copied and its system - Google Patents

Abstract

The present invention provides a method used in a computer system for preventing electronic documents from being illegally copied. The computer system includes a server connected to a plurality of terminals via an Internet. Each terminal has at least one computer identification code representing the terminal. The method comprises a registration procedure and a document demand procedure. The registration procedure includes the following steps: (1) the user loads a reading application program in a terminal, and the reading application program includes a first encryption key; (2) the user registers to the server via the reading application program as a legal terminal, and thus the server obtains the related user data; (3) after completing the legal registration for the terminal, the server generates an user identification code and a second encryption key dedicated for the user, and the user identification code and the second encryption key are encrypted by the first encryption key and transmitted to the legally registered terminal; and (4) when the computer identification code obtained from being compared by the reading application program is the same as the computer identification code of the current terminal, the second encryption key is used to decrypt the received encrypted text; otherwise, the subsequent decryption is terminated to prevent the electronic document from being copied by illegal terminals.

Description

486902 V. Description of the invention (1) The present invention provides a method for preventing electronic piracy in a computer system, especially a method for preventing the use of the Internet to download electrons to an electronic reading device, but illegally copying to other electronic devices. Read how to install. Traditionally, knowledge was broadcasted by books or magazines printed on paper. The rise of radio and television accelerated the spread of knowledge. Today, the rapid development of communications and the Internet has spread knowledge to the world at an alarming rate. On every corner. Due to the development of Internet technology, many new business models have been created. These new business models have a common feature in that they use the Internet to do business, which is known as sub-commerce recently. For example, traditionally, if you want to buy a book, you have to go to the bookstore to find it and buy it. Due to the rise of the Internet, online bookstores such as AMAZON allow users to find what they want online and place an order. . Although this makes the way of purchasing books larger, there is still an inconvenience that is related to the storage of books. Once more books are purchased, more and more space is needed to store them, and management is more complicated. In view of this, the concept of "e-reading device" has been proposed to meet this need, that is, to digitally form the text or pictures in the original book into an e-book. Consumers only need a terminal to connect to it and add some With specific program software, you can easily download the e-books or documents you want online, and download the e-books to the consumer document files for the transfer of computers and information. Retention, response, net, buyer

486902 V. Description of the invention (2) The terminal can be read at the terminal. The terminal that can meet this demand is also called "electronic reading device". In the past, many publishing groups wanted to invest in the operation of e-bookstores and e-books in view of this large consumer market. However, because some supporting mechanisms had not yet been established, they temporarily stopped. One reason is the immaturity of the market implied by consumers' reading habits. In other words, most consumers are still accustomed to reading books in paper form. To promote the use of "e-reading devices" to read e-books, consumers must overthrow the deep-rooted reading habits of consumers, and must also undergo lengthy education and The process of adaptation. However, another more important factor is the low cost of re-copying and the ability to easily disseminate and disseminate, which makes the market for electronic books face a serious threat that cannot be developed. This serious threat comes from a headache that is hard to solve for dealers engaged in the sale of e-books: E-books can be easily copied and distributed to third parties who are not parties to the transaction. E-books are convenient because they are intangible electronic files. Compared with traditional books with physical forms, they are naturally easier to transfer and can save a lot of space. However, because they are easy to transfer, It allows consumers to purchase and read legally, but can illegally copy and transmit it to other people. In other words, if a complete e-book trading mechanism cannot be designed to effectively prevent the situation of "legitimate purchase but illegal distribution", every time an e-book dealer sells an e-book to a certain consumer, it is equivalent to This e-book was given to all other consumers. In this case, the distributor could not maintain a reasonable profit.

486902 V. Description of invention (3) Naturally, sub-commerce cannot survive, which is an important reason why e-books have not been promoted and popularized as fast as expected. However, e-books have the multiple advantages of being paperless in line with the concept of environmental protection, fast in efficiency, and not costing a lot of space, and can save many precious resources. If only the above-mentioned "legal purchase but illegal distribution" is not resolved, The situation cannot be promoted, which is really a great loss of economic benefits. In view of the above problems, the main object of the present invention is to provide a method for preventing electronic documents from being stolen in a computer system, especially a method for preventing electronic documents from being downloaded to an electronic reading device through the Internet, but illegally copying them. To other electronic reading devices to solve the above problems. Please refer to FIG. 1. FIG. 1 is a schematic diagram of a computer system capable of preventing electronic files from being stolen. The anti-theft computer system 100 of the present invention includes a server host 102 that can be connected to the Internet 104 through a firewall device 103, and a plurality of users can also pass through their respective terminals 10. 6, 1 0 8, 1 10 Connect to the Internet 104. The firewall device 103 can be used to separate the server host 10 and the external Internet 104. It can filter the network message packets and set security policies to allow certain specific network services and Secure network messages, such as registered remote login, email, and file transfer, can enter and exit the firewall device 103 to ensure that the settings and information in the server host 102 cannot be illegally invaded or modified. Each terminal 106, 108, 110 can be a personal desktop computer, notebook computer, personal digital

486902 V. Description of the invention (4) Assistant (PDA) or mobile phone (WAP ce 1 1 u 1 ar phone) that can be connected to the Internet, as long as the user's terminal can connect to the Internet and transmit digital information It can be applied to the anti-theft computer system 100 according to the present invention. According to a preferred embodiment of the present invention, the terminals 106, 108, and 110 are personal desktop computers, which include a central processing unit, a hard disk drive, a network card, and an input device. Such as keyboard, mouse, joystick, etc., output devices such as screen, printer, etc. Each of the terminals 106, 108, 110 has at least one computer identification code, which is used to represent the identity authentication of the terminal, such as the identification code of the central processing unit, the identification code of the hard disk drive, or The identification code of the network card can be used as the computer identification code of the terminal, so that the server host 10 can determine each terminal 1 06, 108, 1 1 0 during subsequent electronic transactions or data transmission. Identity or location. Please refer to FIG. 2. FIG. 2 is a functional block diagram of a server host of the anti-theft computer system of the present invention. The server host 1 0 2 includes an interface module 2 1 0, a utility module 2 2 0, a registration module 2 3 0, a cryptographic key generation module 2 4 0, and a cryptographic module 2 5 0 , A transaction processing and verification module 260, a database 270, and a control center 280. The server host 10 is connected to the firewall device 103 through the interface module 2 10, and transmits and exchanges data with the Internet device 104 through the firewall device 103, and when necessary, it transmits data to different specifications. Data for proper data conversion. The server module 1 2 is stored in the utility module 2 2 0.

Page 8 486902 V. Description of the invention (5) Various utility programs for users to download to their respective terminals for free, including, for example, a compiled reading application program to provide users with login, registration, download, and reading The user operation interface of the electronic book, the reading application is attached with a first encryption key, and its function will be described in detail later. The registration module 2 30 can accept the registration of the user and the terminal designated by the user, so that the user can become a legally logged in user, and the designated terminal can also be legally registered to legally download an electronic book. User terminal. The encryption key generation module 240 generates a user-specific second encryption key when the user registers, that is, different users have different second encryption keys. It should be explained here that the first and second encryption keys mentioned above are actually a set of digital bits of a predetermined length, for example, commonly used 5 6 bits or 1 2 8 bits. The key of the preferred embodiment of the present invention The length is 128 bits or higher to enhance its security. The encryption module 250 is used to perform various actions that require encryption. For example, when the document is requested, the encryption module 250 will use the user's second encryption key to encrypt the electronic book purchased by the user so that Subsequent transmission to the user. The transaction processing and verification module 260 is used to deal with matters related to the user's order, and to make necessary confirmation and verification of the source and content of the order. Database 2 70 contains at least three sub-databases: user database 2 7 2. password database 2 7 4. electronic file database 2 7 6. User database

Page 9 V. Description of the invention (β) 2 7 2Φ +, and i capture the basic information of all users after the legal registration, the basic information of the terminal designated by their 7, such as ... Messenger identification code. The password database 2 7 4 stores the user ID and its unique wearer, and the comparison table between the two encryption keys, that is, each registration key generation module is used when registering Corresponding to 2 40, the second encryption key is stored in the password database 274. The electronic file is responsible, and the library 2 7 6 stores the e-books to be provided to readers in the future. Each e-book has a unique e-book code for easy inquiry and $. The control center 280 is used to control the server host 2 and the processing of the control or information flow of each module or database in the server host 102. The work of ::: f Ξ 2 1 3 is the terminal of the anti-theft computer system of the present invention = ϊ π: ΐ ί terminal 106 is taken as an example. Compared with 30 Λ of the terminal 106 of the present invention, it is Λ 3 ί. It includes a central processing unit 圯 丨 thickness 3 2 0, a hard disk drive 304, a home such as a keyboard 308, a mouse 3 1 〇, a joystick Ή 9 stem in the mountain card 3 〇, lose Λ Clothing 3 1 4 and printer 3 1 6 etc. In order to deal with devices such as screen changes, the terminal 106 must transfer data from the server "host 102: or download the compiled utility module 220 on the Internet 104 and the memory of the machine 106 3 2 0 or hard disk drive μ φ reading application mode 3 2 2 to the terminal provides users with a login, registration, and storage. Reading application 322 interface, which is added with the first plus: f4, the operation of reading electronic books. The encrypted file 3 2 6 is decrypted. That is, 1 spoon 3 2 4 can be used for subsequent terminals. For different users,

486902 V. Description of the invention (7) / The required reading application 3 2 2 is the same, so the reading application 3 2 2 is compiled in advance and can be downloaded free of charge by all users who need it. An encrypted recording key 32 4 is not different for different users. When the user uses the reading application of the terminal 10 as an interface to perform registration and registration with the remote server host 10 2 'the procedure includes 1) The server host β 1 〇2 identifies whether the reading application is legitimate Read the app. 2) The server host 1 0 2 uses the registration module 2 3 0 to generate the user identification code and the encryption key generation module 2 40 to generate the corresponding second encryption key. 3) Ancestral clothing is the host 10. Add the user identification code to the user database 2 72 and the second encryption input to the password database 2 7 4. 4) The reading application of the terminal 10 6 is worn by the user Identification code and second encryption key. After the registration of each terminal 106, 108, 1 丨 〇, a terminal encrypted file 3 2 6 will be generated, and the terminal encrypted file 3 2 6 contains the user identification code 3 2 7. User The exclusive second encrypted recording key 32 8 and the computer identification code 330 of this terminal 10 6, the terminal 10 6 encrypts the terminal encrypted file 3 2 6 with the first encryption key 3 2 4 and the encrypted The form is stored in the memory 3 2 0 of the terminal 1 06 or the hard disk drive 3 0 4 to prevent the user from accidentally changing the content therein, and it can also reduce others from viewing and knowing the content illegally. . When the e-book is downloaded and needs to be unlocked, the reading application 322 decrypts the encrypted file 32 ^ = key 3 24 of the terminal to extract the It ’s dense iron participation " brain recognition Code 33 °.

Page 11 486902 V. Description of the invention (8) The method of the present invention will now be described in detail. The method for cooperating with the anti-theft computer system 100 of the present invention includes a registration program and a file requesting program. Before a user wants to use the computer system 100 of the present invention to make an electronic book purchase, the user must first download a reading application 3 2 2 from an Internet bookstore on the server host 102 or the Internet 104. And in the reading application 3 2 2 execute a registration procedure to the server host 102 to become a legally logged in user or member. In addition to the general interface application, the reading application 3 2 2 It also contains the first encryption key 3 2 4 described above. At the same time of registration, not only does the user need to be registered, but the terminal 1 06 that the user wants to download electronic books in the future also needs to be registered. That is to say, during the registration process, relevant basic user information (including the user) The identification code and its corresponding second encryption key 3 2 8) will be registered and stored in the server host 102. The user must also use the registered terminal device 106 at that time as the electronic reading device for downloading electronic books in the future, otherwise, the computer system 100 will determine that the electronic reading device used for downloading electronic books is not registered, and The downloaded e-book cannot be opened normally. When the user uses the reading application 3 2 2 in the terminal 10 to register, the server host 10 2 stores the user identification code in the user database 2 7 2 and then assigns an exclusive second The encryption key 3 2 8 is given to the user, and the one-to-one comparison relationship between the user and his second encryption key 3 2 8 is stored in the password database 2 74, thus completing the user and his terminal 1 0 6 legal registrations. After completing the registration, the server host 102 will start with

486902 、 Invention description (9) The fifth key will encrypt the user identification code 3, the encryption key 328 plus t, and transmit the user's special code, and receive the encryption I & / terminal 1 06 'And after the terminal f%, the first encryption with the user ID 3 2 7 and the second encryption ;; : Will decrypt 3 secrets \ one; the encryption round will decrypt the two, and then y ^ the user identification code and the second encryption bell key together with the representative identification code together to form a machine encrypted file 3 2 6 ' Asia is stored in the legally registered terminal. After this / registration procedure, the terminal 106 can legally download the electronic book and disassociate it with the ja ball.

Please refer to FIG. 4, which is a flowchart of the anti-theft computer system of the present invention during the registration process. The above-mentioned registration procedure is represented by the flow chart 400 as follows: less step 4 〇2: start; evening step 4 〇 · the user selects a terminal 106 for subsequent registration procedures, step 4〇 6: Download the reading application 3 2 2 from the Internet 104 to y / ground machine 1 0 6 · 'Finally known ^ Funeral 4 〇 8: Reading application 3 1 2 by the terminal 1 6 Connect the server and host i to perform registration 2 丨 〇 · Server host 1 〇 Generate user identification code and exclusive

Guangyi ^ key 328 and stored in the user database 2 72 and the password data respectively. Second addition b⑻, bank 2 Step 4 丨 2: The user identification code 327 generated by the temple server host 102

486902 V. Description of the invention (10)% 3 2 4 The encrypted encrypted transmission and its exclusive second encryption key 32 8 are sent to the terminal 106 with the first encryption key a; the first encryption key step 4 1 4: the terminal 1 0 The reading application of 6 uses & q 9 s, and promises to decrypt the encrypted user identification code 3 2 7 and the second plus ice ^; decryption, use the step 4 1 6: terminal 1 0 The reading application of 6 will encrypt the mountain solver identification code 3 2 7 and the second encryption key 3 2 8 together with the representative terminal. The "monthly self-identification code 3 3 0" will be encrypted together to form a terminal power mouth secret 3 Y 6 Six Struggles 4 1 8: The reading application of the terminal 1 06 will grab the terminal and store it as 3 2 6 in its hard disk;

Step 4 2 0 ·· End.

After using 耆 and its terminal 10 to complete registration on the server host 102, you can purchase specific e-books online at any time according to his personal wishes, and download them to the terminal 1 06 This / part is the so-called document requesting procedure in the method of the present invention. The user: browses an online bookstore or related website from the registered terminal on the Internet 104, searches for and decides to purchase an e-book, and sends the purchase order to the server host 102, the server After the host computer 102 performs the necessary confirmation and verification, it will call the electronic document database 2 7 6 for the user's desired purchase, the plain text, and call the user-specific information in the password data library 274. = Two encryption keys =, then use this second encryption recording key 3 2 8 pairs of electronic books = The cipher text should be passed through the Internet again

486902 V. Description of the invention μ :: The reading application 3 of the machine t 2 2 received the purchased e-book essence f Rishou 'said that the first encryption key 3 2 4 attached to the reading application 3 2 2机 加 宓 # q 9⑽ ~ Gan Shijin decrypts in the file 3 2 6 to obtain the second encryption key 3 2 8 and Dianzhi Ma 3 3 〇, then read the application 3 2 2 to decrypt the obtained The electrical identification code 3 3 0 is compared with the current computer identification code 3 1 8 of the terminal 1 106. When the comparison result is the same, it means that the current terminal 16 is a legally registered terminal, and the reading application 3 2 2 will continue to de-poor ... The second encryption key 3 2 8 obtained decrypts the received ciphertext, Use = to read the e-books of XieZhang and Shang / under the interface provided by the reading application 3 2 2. Afterwards, read the application 3 2 2 to identify the computer obtained from the decryption =, compare the computer identification code 3 1 8 of the terminal 1 0 6 and send $ I 焉 3 3 0 and the time, which represents the current terminal 1 0 6 has not passed the legal \ ^^ & result ^ Ί ° i reading is currently different applications 2 encrypted reading electronically using the terminal of the application to distribute it on a computer ”Formula 32 2 together with the e-books it purchased and the registration 'Shi ^ Likou secret file 3 2 6〆 and copy it to another computer, ~ produced by a third person to read', which is the so-called "combined, go to buy it and squat to buy it but illegal 3 2 2 is to stop the follow-up actions, and it will not decrypt the received ciphertext as in the normal book 'Read ^ spoon 3 2 8', so use the ^ form as the first: f. The most likely cause of this situation, 3 ca n’t download e-books on a legally registered terminal, ^ a combination ^ S 2 2 together with the e-books they purchased and Yu Xijia ’s Department will read

Page 15 486902 V. Description of the invention ('12) However, before the reading application 3 2 2 of the present invention decrypts an electronic book, the terminal will first encrypt the computer identification code 3 2 6 obtained in the file 3 2 6 Compare with the computer identification code 3 1 8 of the computer where the decryption work is currently performed, and obtain a comparison result. If the computer where the decryption job is currently located is the same computer as the terminal at the time of registration, this comparison will naturally be the same, which means that the computer where the decryption job is currently located is a legally registered terminal, and the electronic books have not been illegally distributed to other On a computer that has not been legally registered, the reading application 3 2 2 will continue to decrypt to allow the user to read the decrypted e-book. If the computer where the decryption job is currently located is different from the terminal at the time of registration, the result of this comparison is naturally different, which means that the computer where the decryption job is currently located has not been legally registered, that is, the electronic books have been illegally distributed to On other computers that have not been legally registered, the reading application 3 2 2 will stop the decryption step, and users will not be able to decrypt and read even if they obtain illegally distributed electronic books. Please refer to FIG. 5. FIG. 5A is a flowchart of the anti-theft computer system of the present invention on the server host during a document requesting process, and FIG. 5B is a flowchart of the anti-theft computer system of the present invention on a terminal during a document requesting process . The above-mentioned document requesting procedure is represented by the flowchart 5 0 0 as follows: Step 5 0 2: Start; Step 504: The user decides to purchase an e-book in the online bookstore; Step 5 6 ·· Server host 1 0 2 Process the purchase order and perform necessary confirmation and verification;

Page 16 486902 V. Description of the invention (’13) Step 5 0 8: Has the order been verified? Yes, go to step 5 1 2 "No, go to step 5 1 0; step 5 1 0: refuse to accept the order and stop trading immediately; go to step 5 4 0; step 5 1 2: in the electronic file database 2 7 6 Call the plaintext of the purchased e-book; Step 5 1 4: Call the user-specific second encryption key 3 2 8 from the password database 2 7 4; Step 5 1 6: Use this second encryption key 3 2 8 Encrypt the plain text of the electronic book to form the corresponding cipher text; Step 5 1 8: Send the cipher text to the terminal 106 via the Internet 104; Step 5 2 0: The reading application of the terminal 106 3 2 2 Use the first encryption key 3 2 4 to decrypt the terminal encrypted file 3 2 6; Step 5 2 2: Obtain the second encryption key 3 2 8 and computer identification code 3 3 0 after decryption; Step 5 2 4: Get The computer identification code 3 1 8 of the computer on which the current work is located; Step 5 2 6: Read the application program 3 2 2 to compare the computer identification code 3 3 0 obtained from the decryption with the computer identification code 3 1 8 of the current computer; step 5 2 8: Are the comparison results the same? Yes, go to step 5 3 0; No, go to step 5 3 6;

Step 5 3 0: The current terminal 10 has been confirmed to be legally registered. Step 5 3 2 ·· Read the application 3 2 2 with the second encryption key 3 2 8 to decrypt the received electronic book ciphertext;

Page 17 486902 V. Description of the invention (14) Step 5 3 4: The user can read the decrypted electronic book; go to step 5 40; step 5 36: the terminal is not legally registered at present; step 5 3 8: Read the application 3 2 2 to stop the decryption action; Step 5 4 0: End. The above-mentioned preferred embodiment of the present invention is described by using a private key cryptosystem as an example. That is to say, the same encryption key is used to encrypt and decrypt electronic books. Except for both parties of data transmission, other third parties do not know the encryption. What is the content of the key, so it is also called a symmetric cryptosystem, such as the DES algorithm announced by the US National Bureau of Standards, or the IDEA algorithm designed by Lai and Massey. It has strong security, and the speed of encryption and decryption operations Faster. However, the computer system 100 of the present invention can also use the public key cryptosystem to encrypt and decrypt electronic books, that is, each user will have a public gold record that can be published, and one Keep the private key that cannot be leaked. When the encryption module 2 50 of the server host 102 encrypts the electronic book, the public key of the user is used, and when the reading application 3 2 2 receives the received When decrypting the e-book ciphertext, the user's private gold is used. Compared with the conventional technology, the advantages of the anti-theft computer system 100 of the present invention are as follows: 1. The reading operation platforms required by different users or terminals are the same. Since all users read the application 3 2 2 and wait

Page 18 486902 V. Description of the invention (15) The server host 1 0 2 performs registration and document requesting procedures, and the reading application program '3 2 2 becomes a reading operation platform to provide users and server hosts. 1 0 2 The bridge of communication, the reading application 3 2 2 and the first encryption key 3 2 4 are compiled in advance and can be downloaded or copied to any machine for free by users. As one of the objectives of the computer system of the present invention is to prevent possible hindrances during the promotion of electronic books, that is, to prevent the illegal distribution of electronic books, and not to prevent the distribution of reading application programs 3 2 2 itself, and because of the invention The mechanism for preventing the illegal distribution of electronic books is not mainly in the reading application 3 2 2 itself. Therefore, the reading application 3 2 2 is downloaded, copied or distributed by users in large quantities, which will not affect the purpose of the present invention, but will help Promote the concept of electronic books to users, so that the use of electronic books can accelerate their popularity. · 2. When the user registers for the terminal specified by him, the encryption key generation module 24 of the server host 102 will generate a second encryption key that is unique to the user. When a user purchases an e-book, the encryption module 2 50 will encrypt the plain text of the e-book with the second encryption key 3 2 8 to form the corresponding cipher text, and send it to the terminal where the user is After confirming that the terminal is legally registered, the reading application 3 2 2 on the terminal decrypts the received electronic book ciphertext with the second encryption key 3 2 8. Because some previous technologies use the same encryption key to encrypt and decrypt electronic books purchased by different users, once this encryption key is cracked, 0: the ciphertext of all electronic books can be correctly restored to plaintext; However, this issue:. Ming has a dedicated second encryption key for each user, so even if a

Page 19 486902 V. Description of the invention C16) The second encryption key of a user is cracked, and the electronic books purchased by other users cannot be read, so the security of the system can be improved. 3. The encrypted file of the terminal is stored in the terminal in an encrypted form, which can prevent users from accidentally changing its content, and it can also reduce others from viewing and knowing its contents in an illegal way. 4. The encrypted file of the terminal is stored in the terminal, which helps to simplify the complicated procedures that require the user's consent when the privacy rights brought about by the upload of the computer identification code are disclosed. Since the computer identification code required by the present invention for authenticating the terminal is legally registered, the identification code of the central processing unit, the identification code of the hard disk drive, or the identification code of the network card is borrowed, and these identifications The data of the code is considered as part of the user's personal privacy data. The server host 1 02 must obtain the user ’s consent to obtain any such identification code proposed by the user. Therefore, as long as the server host 1 0 2 There are no procedures for obtaining the computer identification code of the terminal to avoid the user's consent. Therefore, the procedure for authenticating whether the terminal is legally registered should have become more complicated. However, according to the design of the present invention, when a user registers for a terminal designated by him, the user identification code and the second encryption key transmitted after decryption will be decrypted together with the computer identification code representing the terminal. The first encryption key is encrypted to generate a corresponding terminal encrypted file. Therefore, it is not necessary to upload the computer identification code to the server host 102 during the registration process. Therefore, when the terminal receives the cipher text of the electronic book purchased by the user, the computer identification code required for the subsequent authentication process performed by i is directly stored in the registration.

486902 V. Description of the invention (17) In the terminal, the computer identification code of the current working terminal naturally does not have to be uploaded to the server host 102, but can be directly compared and authenticated in the terminal, which naturally simplifies the work. The disclosure of privacy rights due to the upload of computer identification codes requires complicated procedures and possible disputes that require user consent. V. Using the computer identification code 3 3 0 obtained in the encrypted file 3 2 6 of the terminal to compare with the computer identification code 3 1 8 of the computer where the decryption work is currently performed can prevent the situation of "legal purchase but illegal distribution". Because the reading application 3 2 2 of the present invention decrypts the electronic book, the computer identification code 3 3 0 obtained from the encrypted file 3 2 6 of the terminal is first performed with the computer identification code 3 1 8 of the computer where the decryption work is currently performed. Compare to confirm that the computer where the decryption is currently performed is the same computer as the terminal at the time of registration, and then determine and read whether the application 3 2 2 will continue to decrypt the ciphertext of the electronic book. Therefore, even if the cipher text of the electronic book is illegally distributed to other computers that are not legally registered, the reading application 3 2 2 will stop the decryption step, so that the illegally distributed electronic book cannot be correctly decrypted and cannot be read. In summary, the computer system of the present invention proposes an effective mechanism to prevent unauthorized copying of electronic files by terminals that have not been legally registered, thus curbing the situation of "legitimate purchase but illegal distribution", and the distribution of electronic books Businesses are willing to invest in the electronic book trading because they can maintain reasonable profits, so the multiple advantages of environmental protection, efficiency, dissemination, and economics of electronic books can be shared by the entire people.

486902 V. Description of the invention (18) The above description is only a preferred embodiment of the present invention. Any equivalent changes and modifications made in accordance with the scope of the patent application for the present invention shall fall within the scope of the invention patent.

Page 22 486902 Simple illustration of the drawing ^ Simple illustration of the drawing. FIG. 1 is a schematic diagram of a computer system capable of preventing electronic files from being stolen. Figure 2 is a functional block diagram of the server host of the anti-theft computer system of the present invention. Figure 3 is a functional block diagram of the terminal of the anti-theft computer system of the present invention. Figure 4 is a flowchart of the anti-theft computer system of the present invention during the registration process. FIG. 5A is a flowchart of the anti-theft computer system of the present invention on the host side of the server during a document retrieval process. Fig. 5B is a flow chart of the anti-theft computer system of the present invention on a user terminal when a file requesting procedure is performed. Explanation of Symbols 100 Anti-theft computer system 102 Server host 103 Firewall device 104 Internet 1 06 > 108, • 1 10 Terminal 210 Interface module 220 Utility module 230 Registration module 240 Encryption key generation Module 250 Cryptographic Module 260 Transaction Processing and Verification Module 270 Database 272 User Database 274 Dense Horse Database 276 Electronic Document Database

Page 23 486902 Brief description of the diagram 280 Control center 302 Central processing unit 304 Hard disk drive 306 Network card 308 Keyboard 310 Mouse 312 Pole 314 Screen 316 Printer 318 Computer identification code of the current working terminal 320 1 Body 322 Read application 324 First encrypted recording key 326 Terminal encrypted file 327 User identification code 328 Second encrypted recording key 330 Computer identification code

Page 24

Claims (1)

486902 VI. Applying for patent protection 1. A method for preventing electronic files from being stolen in a computer system, the computer system includes a server host computer which can be connected to a plurality of terminals via an Internet, each The terminal has at least one identification code representing the terminal. A terminal can request the server host for an electronic file through the Internet, and the server host can encrypt the plain text of the electronic file to form The corresponding ciphertext is transmitted to the terminal via the Internet to decrypt the ciphertext into the original plaintext. The method includes a registration procedure and a document request procedure. The registration procedure includes the following steps: using The reader loads a reading application into a terminal, and the reading application includes a first encryption key; the user uses the reading application to register with the server host as a legitimate terminal; the server host is at After the legal registration of the terminal is completed, a user identification code and a user-specific second encryption will be generated Key, the user identification code and the second encryption key will be encrypted and transmitted to the legally registered terminal; and the reading application of the terminal will further encrypt the received user identification code and the second encryption The key is encrypted together with the identification code representing the terminal to form a terminal encrypted file, which is stored in the legally registered terminal: machine; The file request procedure includes the following steps: When a terminal goes to the server When the host asks for an electronic document, the server host passes the clear text of the electronic document through the second 486902 6. Apply for the encryption of the m-key encryption key to form a corresponding ciphertext, and transmit the ciphertext to the terminal via the Internet; when the terminal ’s reading application receives the ciphertext, First decrypt the encrypted file of the terminal with the first encryption key, and obtain the second encryption key and the identification code of the terminal; and when the reading application compares the obtained terminal identification code with the current terminal When the identification codes are the same, the received cipher text is decrypted with the second encryption key, otherwise the subsequent decryption operation is stopped to prevent illegal copying of the electronic file by the illegal terminal. 2. If the method of claim 1 is applied, the terminal further includes a central processing unit, a hard disk drive, and a network card, and the identification code of the terminal may be the identification code of the central processing unit, The ID of the hard drive or the ID of the network card. 3. The method of claim 1 in the patent scope, wherein the server host includes a user database to record the identification codes of all legal users and their terminals registered through the registration process. 4. For the method in the third item of the patent application, wherein the server host includes an encryption key generation module, the encryption key generation module will generate the user for each different user registered in the user database. Exclusive second encryption key. Page 26 486902 6. Scope of patent application 5. For the method of scope 4 of the patent application, the server host includes a password database, and the password database stores all registered user data and their exclusive rights. The second encryption key. 6. If the method of applying for the first item of the patent scope, wherein the server host includes an encryption module, after the terminal has completed legal registration, the encryption module will register the second encryption key and the user identification code. Encrypted and transmitted to the legally registered terminal. 7. The method of claim 6 in the scope of patent application, wherein the server host includes an electronic file database to store clear text data of a plurality of electronic files, and a control center for controlling the operation of the server host. 8. If the method of claim 7 is applied, when the server host receives a request for the electronic document, the control center will go to the electronic document database to retrieve the plaintext information of the electronic document, and the encryption The module encrypts the plaintext of the electronic file with the second encryption key to form a corresponding ciphertext. 9. The method according to item 1 of the scope of patent application, wherein the first encryption key and the second encryption key are both digital sequences with one, two, and eight digits. 10. The method according to item 1 of the scope of patent application, wherein the server host includes a 'utility module' to store the reading application program for use 486902 6. Those who apply for the patent scope download to the terminal Store and use. . 1 1. A computer system capable of preventing theft of electronic files 7 The computer system includes a server host that can be connected to a plurality of terminals via an Internet, and each terminal has at least one representative of the terminal Machine identification code, a terminal may request the server host for an electronic document via the Internet, and the server host may encrypt the plaintext of the electronic document to form a corresponding ciphertext, and pass the The internet sends it to the terminal to decrypt the ciphertext into the original plaintext. The server host includes: a utility module to store a reading application that contains a first encrypted key, and the reading application The program can be downloaded to the terminal for storage and use; a registration module, when the user uses the terminal's reading application to register with the server host, the registration module will generate a user identification code And registering the terminal as a legitimate terminal; an encryption key generation module for generating a second encryption key exclusive to the user; and The encryption module is used for encrypting the user identification code and the second encryption key, and transmitting the encrypted user terminal to the legally registered terminal; wherein the reading application of the terminal will further receive the received user identification code Encrypt with the second encryption key together with the computer identification code representing the terminal to form a terminal encrypted file to be stored in the legally registered terminal, and when a terminal asks the server host for a 486902 6. When requesting for an electronic document with a patent scope, the encryption module encrypts the plaintext of the electronic document with the second encryption key to form a corresponding ciphertext, and transmits the ciphertext via the Internet to The terminal, when the reading application of the terminal receives the ciphertext, first decrypts the encrypted file of the terminal with the first encryption key, and obtains the second encryption key and the identification code therein, and when When the identification code obtained by the reading application is the same as the identification code of the current terminal, the second encryption key is used to decrypt the received ciphertext, otherwise the subsequent decryption action is stopped to prevent illegal A stolen copy of the electronic file by the terminal. 12. The computer system according to item 11 of the scope of patent application, wherein the terminal further includes a central processing unit, a hard disk drive, and a network card, and the identification code of the terminal may be the central processing unit's ID, the ID of the hard drive, or the ID of the network card. 1 3. The computer system according to item 11 of the scope of patent application, wherein the server host contains a user database to record the identification codes of all legally registered users and their terminals. 14. The computer system according to item 11 of the scope of patent application, wherein the server host includes a password database, and the password database stores all registered user data and its exclusive second encryption key. 1 5. The computer system according to item 11 of the scope of patent application, wherein the server host Page 29 486902 6. Scope of patent application The machine contains an electronic file database to store the plaintext data of multiple electronic files, and a control center to control the operation of the server host. 16. If the computer system of item 15 of the scope of patent application, wherein when the server host receives a request for the electronic document, the control center will go to the electronic document database to retrieve the plaintext information of the electronic document, The encryption module encrypts the plaintext of the electronic file with the second encryption key to form a corresponding ciphertext. 1 7. The computer system according to item 11 of the scope of patent application, wherein the first encrypted recording key and the second encrypted input key are both digital sequences having a length of 128 bits.